package com.property.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * Spring Security配置类
 * 配置Spring Security与Sa-Token共存
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /**
     * 配置Spring Security过滤器链
     * 完全禁用所有安全特性，允许所有请求通过
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        // 禁用CSRF保护
        http.csrf().disable()
            // 禁用HTTP Basic认证
            .httpBasic().disable()
            // 禁用表单登录
            .formLogin().disable()
            // 禁用默认登出
            .logout().disable()
            // 禁用匿名用户
            .anonymous().disable()
            // 禁用会话管理
            .sessionManagement().disable()
            // 允许所有请求（认证由Sa-Token处理）
            .authorizeRequests().anyRequest().permitAll();
        
        return http.build();
    }
    
    /**
     * 配置Spring Security忽略的路径
     * 让所有请求都绕过Spring Security的过滤器链
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web.ignoring().antMatchers("/**");
    }
} 